Property
Language: terraform
Severity: low

Description

Containers are running without dropping any Linux capabilities, meaning they retain all default privileges. This configuration does not follow security best practices, as containers should only have the minimum capabilities required.

Impact

If a container that retains unnecessary capabilities is compromised, an attacker could use those capabilities to escalate privileges or reach the host, increasing the risk of lateral movement or unauthorized access within the environment.

Resolution

Specify at least one unneeded capability in ‘containers[].securityContext.capabilities.drop’. Dropping ‘ALL’ and then adding back only the capabilities the workload actually needs is the most restrictive form.
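As an added example (not code from this page or from the scanner's own documentation), the flagged Terraform shape beside the corrected one, assuming the hashicorp/kubernetes provider's ‘kubernetes_pod’ resource; the resource names, image and the added capability are placeholders chosen for illustration:

```terraform
# Added example, not from the original page. Assumes the hashicorp/kubernetes
# provider; names, image and the added capability are illustrative placeholders.

# Flagged: no capabilities block, so the container keeps the runtime's default set.
resource "kubernetes_pod" "flagged" {
  metadata {
    name = "web-flagged"
  }
  spec {
    container {
      name  = "web"
      image = "nginx:1.25"
      # security_context is absent, so containers[].securityContext.capabilities.drop is unset
    }
  }
}

# Corrected: drop everything, then add back only what the workload actually needs.
resource "kubernetes_pod" "fixed" {
  metadata {
    name = "web-fixed"
  }
  spec {
    container {
      name  = "web"
      image = "nginx:1.25"
      security_context {
        capabilities {
          drop = ["ALL"]
          add  = ["NET_BIND_SERVICE"] # assumed need: bind a privileged port as non-root
        }
      }
    }
  }
}
```

The same ‘security_context { capabilities { drop = [...] } }’ block applies inside ‘spec.template.spec.container’ of a ‘kubernetes_deployment’ resource.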